SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Trend Micro SPS and IMS diagnostic.log session disclosure attempt
This rule looks for HTTP requests for '/widget/repository/log/diagnostic.log'. A vulnerability has been identified where there are improper access controls placed on the log file and which makes it publicly accessible. An unauthenticated user could read this log file and gain access to the session tokens that have been assigned, thereby bypassing the need to authenticate themselves.
This rule alerts when a user attempts to access a log file on a Trend Micro SPS and IMS host that contains session tokens.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE::ATT&CK Framework::Enterprise::Reconnaissance::Gather Victim Host Information
MITRE::ATT&CK Framework::Enterprise::Initial Access::Exploit Public-Facing Application
Authentication Bypass
An Authentication Bypass occurs when there is a way to avoid providing user credentials to a system before performing restricted operations on said system.
CVE-2017-11398 |
Loading description
|
CVE-2018-3609 |
Loading description
|